Platform: other
Component: rumpus-ftp-server
Fixed in: 9.0.13
CVE-2025-55057 identifies multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Rumpus FTP Server. In a CSRF attack, a malicious page causes an authenticated user's browser to submit requests the user never intended, with the browser attaching the user's session credentials automatically. This vulnerability affects versions 9.0.12–9.0.12 of Rumpus FTP Server and is resolved in version 9.0.13.
A successful CSRF attack against Rumpus FTP Server could let an attacker perform actions on behalf of an authenticated user without that user's knowledge or consent, such as modifying server configuration, creating or deleting user accounts, or potentially accessing files stored on the FTP server. The impact is amplified where the server holds confidential data or is integrated with other critical systems. Direct data exposure is limited to files reachable through the server, but the ability to change server settings could lead to broader compromise.
CVE-2025-55057 was publicly disclosed on 2025-11-17. There is no indication of active exploitation, and the vulnerability is not listed in the CISA KEV catalog at this time. No public proof-of-concept exploit is currently available, although CSRF issues are generally straightforward to exploit once the vulnerable request is known, so one may well emerge. The medium CVSS score reflects this balance of exploitability and impact.
Organizations and individuals running Rumpus FTP Server versions 9.0.12–9.0.12 are at risk, particularly those hosting sensitive data or integrating the FTP server with other critical systems. Shared hosting environments, where several users share one FTP server instance, are at increased risk because a single compromised account could affect the other users of that instance.
disclosure
Exploit status
EPSS: 0.03% (7% percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-55057 is to upgrade Rumpus FTP Server to version 9.0.13 or later, which contains the fix. If an immediate upgrade is not feasible, consider temporary workarounds such as restricting access to sensitive functions of the web interface through a web application firewall (WAF) or reverse proxy. Configure the WAF to reject state-changing requests whose Origin or Referer header does not match the server's own origin. Additionally, review and strengthen authentication practices to reduce the risk of session hijacking. After upgrading, confirm the fix by submitting a cross-origin test request against a test user account and verifying that the action is rejected.
Update Rumpus FTP Server to a version that fixes the CSRF vulnerability. Consult the vendor's website for the latest version and upgrade instructions. Implement CSRF protections in your web application to mitigate the risk.
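The two mitigation paragraphs above recommend a WAF or proxy rule that rejects requests with unexpected Origin or Referer headers, and CSRF protections inside the application itself. The following is an added illustration of both checks, written for this page and not taken from Rumpus FTP Server or its vendor. It assumes a hypothetical admin interface served at https://ftp.example.com (constructed), uses hypothetical function names (csrf_verdict, token_matches, screen_samples), and runs against a handful of constructed sample requests.

```python
"""Origin/Referer screening of state-changing requests, as a reverse proxy or
WAF rule could apply it in front of a web admin interface, plus a
synchronizer-token comparison for the application side.

Added example for this advisory; not Rumpus code. Every request below is a
constructed sample, and https://ftp.example.com is a placeholder origin.
"""
import hmac
from urllib.parse import urlsplit

# Methods that must not change server state and therefore need no provenance check.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def origin_of(url: str):
    """Return scheme://host[:port] of a URL in lower case, or None if it has no authority."""
    parts = urlsplit(url)
    if not parts.scheme or not parts.netloc:
        return None
    return f"{parts.scheme}://{parts.netloc}".lower()


def csrf_verdict(method: str, headers: dict, allowed_origins) -> tuple:
    """Decide whether a request may reach a state-changing handler.

    Returns (decision, reason) with decision "allow" or "deny".
    Precedence: Origin header, then Referer, then Sec-Fetch-Site (Fetch Metadata).
    """
    if method.upper() in SAFE_METHODS:
        return "allow", "safe method, no state change expected"

    h = {k.lower(): v.strip() for k, v in headers.items()}
    allowed = {o.lower() for o in allowed_origins}

    origin = h.get("origin")
    if origin is not None:
        # Browsers send Origin on cross-site POSTs. The literal "null" is an opaque
        # origin (sandboxed frame, data: URL, some redirect chains) and is never trusted.
        if origin.lower() == "null":
            return "deny", "opaque (null) Origin"
        if origin.lower() not in allowed:
            return "deny", f"Origin {origin} not in allow-list"
        return "allow", "Origin matches allow-list"

    referer = h.get("referer")
    if referer:
        # Only the origin part of the Referer matters; the path is irrelevant here.
        ref_origin = origin_of(referer)
        if ref_origin is None or ref_origin not in allowed:
            return "deny", f"Referer origin {ref_origin} not in allow-list"
        return "allow", "Referer origin matches allow-list"

    # Neither header present: fall back to Fetch Metadata, which modern browsers set
    # automatically and which a cross-site page cannot forge.
    if h.get("sec-fetch-site", "").lower() == "same-origin":
        return "allow", "Sec-Fetch-Site: same-origin"
    return "deny", "no provenance headers on state-changing request"


def token_matches(session_token: str, submitted_token: str) -> bool:
    """Application-side synchronizer-token check: the per-session token stored on the
    server must equal the one carried in the submitted form, compared in constant time."""
    if not session_token or not submitted_token:
        return False
    return hmac.compare_digest(session_token, submitted_token)


ALLOWED = ["https://ftp.example.com"]  # constructed: the admin interface's own origin

# Constructed sample requests: (label, method, headers).
SAMPLES = [
    ("same-origin form post", "POST", {"Origin": "https://ftp.example.com", "Cookie": "sid=abc"}),
    ("cross-site form post", "POST", {"Origin": "https://attacker.example", "Cookie": "sid=abc"}),
    ("referer only", "POST", {"Referer": "https://ftp.example.com/admin/users.html"}),
    ("fetch metadata only", "POST", {"Sec-Fetch-Site": "same-origin"}),
    ("no provenance", "POST", {"Cookie": "sid=abc"}),
    ("plain GET", "GET", {}),
    ("wrong scheme", "POST", {"Origin": "http://ftp.example.com"}),
]


def screen_samples() -> dict:
    """Run every sample through csrf_verdict; returns label -> decision."""
    return {label: csrf_verdict(m, hdrs, ALLOWED)[0] for label, m, hdrs in SAMPLES}


if __name__ == "__main__":
    for label, decision in screen_samples().items():
        print(f"{label:22} -> {decision}")
```

Two operational points follow from the logic. First, the scheme and port are part of the origin, so a rule that compares only hostnames would wave through the "wrong scheme" sample; compare the full origin. Second, non-browser clients such as scripts and sync tools send neither Origin nor Referer nor Sec-Fetch-Site and will be denied by this rule, so they need a separate path (for example, an API credential presented in a header rather than a session cookie) if they must keep working during the workaround period.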
CVE-2025-55057 is a Cross-Site Request Forgery (CSRF) vulnerability affecting Rumpus FTP Server versions 9.0.12–9.0.12, allowing attackers to perform unauthorized actions on behalf of authenticated users.
You are affected if you are running Rumpus FTP Server versions 9.0.12–9.0.12. Upgrade to version 9.0.13 or later to mitigate the vulnerability.
Upgrade Rumpus FTP Server to version 9.0.13 or later. As a temporary workaround, implement WAF rules to block suspicious requests.
There is currently no evidence of active exploitation, but the CSRF nature of the vulnerability suggests potential for future exploitation.
Refer to the official Rumpus FTP Server website or security advisories for the latest information and updates regarding CVE-2025-55057.